Secure VPN infrastructures at the Edge
Welotec VPN Security Suite
When managing a high number of distributed devices in the field, connectivity and device access is key. However, setting up a secure VPN infrastructure which combines IT and OT comes along with a high effort in handling and coordination, especially in case of IT-Security. This includes e. g. establishing a secure connection, updating of certificates, or generating data flows.
A secure and scaleable Connection is crucial for the realiszation of IoT projects.
Easy build up of secure industrial VPN infrastructures to connect devices and machines
With our software solution Welotec VPN Security Suite users benefit from a fully automated VPN infrastructure enabling connectivity and secure access to devices like HMI, PLC, IPC and machines in the field. It comes with an easy deployment, brings flexibility in case of applications and ads an additional security layer to the network infrastructure. The advantages at a glance:
- Easy setup of automated industrial VPN infrastructures
- Docker VPN: Supports devices with Container Runtime or OpenVPN
- VPN concentrator with integrated firewall
- Embedded PKI for automated certificate handling
- Device management for easy rollout of configurations and updates
- On-premise solution
- Own WebUI for central administration
- REST-API for integration into ERP, Monitoring or SIEM
Industrial VPN router for IPC remote access
Funktionality of Welotec VPN Security Suite
The Welotec VPN Security Suite offers automated processes to roll out and manage VPN infrastructures. It consists of three components. This includes a central VPN Concentrator with integrated Firewall and access rules. An integrated Public Key Infrastructure (PKI) manages and renews digital certificates. The third component is a Device Management for rollouts and distributing configurations.
Fig. Structure of Welotec VPN Security Suite
The VPN Concentrator bundles the incoming VPN connections, assigns fixed IP adresses and handles routing and NAT.
An integrated PKI automatically creates device-specific certificates. All client VPN certificates are signed by a central authority. In this way, trust is maintained from the end device to the central and parent Certificate Authority or CA for short. Instead of the integrated CA, a user‘s own CA can also be used. It is also possible to connect a user‘s own PKI.
The device management automatically distributes the certificates and VPN configurations. This works with Welotec devices or Docker Container enabled devices, which are connected via VPN Container Client (VPN-CC). Welotec devices additionally support template-based management of firmware and device configurations.
High device compatibility and application flexibility for secure industrial VPN tunnels
Depending on application and frame conditions, users face different challenges how to implement a secure VPN infrastructure. With Welotec VPN security suite users are equipped with a solution opening a wide range of possibilities for best IT and OT convergence, also in the case of hardware retrofitting. Below please find a short overview of the relevant connection possibilities:
- Connection to end devices via Welotec TK800 VPN Router. In case of mass deployment, the rollout can be managed via Zero-Touch-Provisioning (see use-case down below).
- Connection to end devices with Docker Container: integrated VPN Container Client for quick generation of of VPN infrastructures. Rollout can be deployed through Cloud, Docker Swarm or Kubernetes.
- Access to stand-alone devices via OpenVPN
- Industrial VPN Router for IPC remote access
Fig. Device compatability – Welotec VPN Security Suite
Implications for Business
The successful implementation of a VPN infrastructure not only has advantages in terms of the implementation process or IT security. It also provides users with access to important data, which nowadays is the most important resource for business success.
- Data gathering for increased efficiency and better decision making (e.g. maintenance or predictive maintenance)
- Improved analysis and processing through integration of data into third party systems via API (e.g. Big Data or Monitoring)
- OT VPN – Secure industrial remote access to distributed devices and connected machines from all around the world – 24/7 access
- Increased efficiency through less effort in travel and staff presence
- Better service quality through predictive maintenance and reduced down-times
- Potential for new services and business models (e.g. Software-as-a-Service, Equipment-as-a-Service)
Use Case: building a VPN tunnel with Welotec VPN Security Suite and TK800 4G LTE VPN Router
Welotec TK800 Router is pre-configured at Welotec Factory and SIM is installed.
Devices (e.g. 10x TK800 Router) are shipped to the customer
Customer install TK800 at the machine, connect 4G antenna, Ethernet Cable and Power.
TK800 is going online and showing up in the Welotec VPN Security Suite (self-registration).
Customer can activate TK800 in the Welotec VPN Security Suite and assign a configuration.
Configuration and Credentials are installed in the TK800.
Secure Remote Access from a Computer – over the Welotec VPN Security Suite – to the device behind the TK800 (e.g. a PLC) is seamless possible.